You won't want to miss out on the world-class speakers at TNW Conference this year 🎟 Book your 2 for 1 tickets now! This offer ends on April 22 →

This article was published on March 2, 2016

Pirates turn to hacking on the high-seas


Pirates turn to hacking on the high-seas

Piracy these days generally refers to software, but Verizon has unearthed a case of real-life pirates actually conducting the act in order to raid a number of ships.

The group of pirates hacked into a shipping company’s content management system and managed to acquire confidential information on schedules and cargo aboard different vessels. The report explains:

Rather than spending days holding boats and their crew hostage while they rummaged through the cargo, these pirates began to attack shipping vessels in an extremely targeted and timely fashion. Specifically, they would board a shipping vessel, force the crew into one area and within a short amount of time they would depart. When crews eventually left their safe rooms hours later, it was to find that the pirates had headed straight for certain cargo containers.

While the situation is worrying for shipping companies, there is a silver lining – the report concluded that the group were indeed creative but not the most skilled hackers.

They failed to enable SSL on the web shell and sent their commands in plain text, which in turn allowed the shipping company to write a code to remove them relatively easily. The report also states that they discovered numerous mistyped commands.

The shipping company successfully managed to implement a reverse shell and curb any further attempts at hacking by the pirates, which did happen.

The report claims they saw the pirates spending a lot of time trying to get around their newly-secured CMS, which ultimately proved to be unsuccessful. The pirates also appear to have not used a proxy during these attempts from their home systems, which is just a rookie mistake.

While pirates aren’t a new nuisance in the maritime world, this attack shows that they are becoming more and more advanced in their techniques, even if these ones were a little rough around the edges.

Not so long ago, the Ukraine experienced the world’s first blackout caused by hackers after an attack on its regional power authorities left the systems infected with malware.

This is an example of yet another industry that has inadvertently left itself open to hacking. A pirate that’s armed with both ammunition and hacking skills is not something that all industries are ready to face.

Data Breach Digest [Verizon]

Get the TNW newsletter

Get the most important tech news in your inbox each week.